惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
Help Net Security
Help Net Security
P
Privacy International News Feed
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
AWS News Blog
AWS News Blog
K
Kaspersky official blog
A
Arctic Wolf
Latest news
Latest news
T
Threat Research - Cisco Blogs
L
LINUX DO - 最新话题
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
Google DeepMind News
Google DeepMind News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
月光博客
月光博客
N
News and Events Feed by Topic
Jina AI
Jina AI
博客园 - 司徒正美
WordPress大学
WordPress大学
罗磊的独立博客
雷峰网
雷峰网
AI
AI
Hugging Face - Blog
Hugging Face - Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Security @ Cisco Blogs
博客园 - 三生石上(FineUI控件)
H
Heimdal Security Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
C
Cisco Blogs
博客园 - 【当耐特】
The Hacker News
The Hacker News
有赞技术团队
有赞技术团队
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Schneier on Security
Schneier on Security
博客园 - Franky
S
SegmentFault 最新的问题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cloudbric
Cloudbric
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Secure Thoughts
Last Week in AI
Last Week in AI
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Know Your Adversary
Know Your Adversary
Google DeepMind News
Google DeepMind News

WhatIs

Strategic IT outlook: Tech conferences and events calendar | TechTarget 8 AI use cases in manufacturing Enterprises are making an AI native transformation Zero trust in the IT ops stack: Securing hybrid workloads How algorithmic value sets enhance clinical decision-making Top methods for collecting customer feedback Build a data governance team that delivers results How to calculate the total cost of ownership of ERP software Communities call for transparency in AI data center deals Scalable IT infrastructure: Balancing speed with stability How health systems are tackling 'Kill the Clipboard' obstacles Understanding the science behind AI-based hiring assessments Tape's strategic role in modern data protection How to choose an HR software system in 2026: A complete guide The UC stack gets the policy job Top zero-trust use cases in the enterprise 13 top IT infrastructure conferences in 2026 SNMP vs. CMIP: What's the difference? 3 essential network analytics use cases AI Security Risks Force CIOs to Rethink Strategy Red Hat Summit 2026 news and conference guide | TechTarget What is HR technology (human resources tech)? Understand, optimize and track customer journey touchpoints Should IT use Apple Business Manager without MDM? Build and organize an effective machine learning team The storage modernization imperative in a fast-changing IT landscape Procurement automation use cases for CSCOs to consider 3 steps for health system leaders to drive patient safety culture What is DevOps? Meaning, methodology and guide Enterprises Face New Storage Bottlenecks as AI Grows A guide to Intune Suite licensing for endpoint management Epic controls 42% of the US EHR market. Does that help or hurt interoperability? SAP Sapphire 2026 news, trends and analysis | TechTarget How to develop a data governance strategy: 7 key steps 12 generative AI tools for marketing and sales teams Top 9 smart contract platforms to consider in 2026 Top 8 e-signature software providers for 2026 Rise with SAP vs. S/4HANA Cloud: What are the differences? How businesses use KPIs to measure AI's performance 5 clues your network has shadow AI How do digital signatures work? Collaboration security and governance must be proactive Compare SAP greenfield vs. brownfield approach for S/4HANA Merck, Home Depot tap Gemini Enterprise for AI agent development Rural challenges may dampen digital healthcare's potential Build an ethical AI framework: 12 top resources The great workload reshuffle: Choices for AI and analytics How to remove a device from Intune enrollment Cisco unveils quantum network advancements 3 BYOD security risks and how to prevent them 10 of the top carbon accounting software 8 trends powering machine learning's dynamic new roles Network engineers must take the lead to push DDI to the cloud How does Microsoft 365 Copilot pricing and licensing work? ONC highlights behavioral health EHR adoption trends, data exchange barriers LLMs struggle with clinical reasoning, study finds Democratizing AI in business: The good, bad and ugly What can organizations do to address BYOD privacy concerns? Fix the service path before you optimize it with AI How AI reshapes upselling in customer experience platforms When collaboration starts becoming operational drag Balancing health AI management with growing vendor sprawl Career cure for AI phobia: Be a beekeeper, not a worker bee 16 top applicant tracking systems for 2026 How a rural community hospital deploys AI to detect heart disease 8 examples of document version control Guide to 30+ sustainability certifications for professionals AI agents are only as smart as the data that feeds them AI could earn trust in transactional work first How to fix keyboard connection issues on a remote desktop How to add and enroll devices to Microsoft Intune 11 DevSecOps best practices to prioritize in 2026 6 key components of a successful data strategy How to enable Copilot in Microsoft 365: A step-by-step guide What CIOs need to know about Meta's proposed CEO AI agent Top AI recruiting tools and software of 2026 How contact centers detect and prevent fraud 10 essential skills for modern contact center agents Beyond the chatbot: Engineering the agentic enterprise AI in business intelligence: How to manage it effectively Why legacy networks are a growing liability Failure is an option as an IT leadership tool How HR can create a successful change management strategy HR AI is becoming a change management story Digital transformation: Balancing speed and governance RSAC 2026 Conference: Key news and industry analysis | TechTarget 8 best practices for a bulletproof IAM strategy 5 customer journey phases businesses should understand 12 top HR software and tool options to consider in 2025 6 contact center trends shaping the future of customer service Contact center monitoring best practices for CX leaders Cloud vs. local backup: Which is right for your organization? 6 steps for when remote desktop credentials are not working How governance maturity affects M&A integration outcomes Inside the push to turn AI agents into suite functionality How should contact centers use AI today? Accenture global health lead on scaling AI in healthcare with governance and intent 10 best free DevOps certifications and training courses in 2026 What is compensation management? What CIOs must know about bossware strategy
Biggest healthcare data breaches reported to OCR in 2026, so far | TechTarget
Jill Hughes · 2026-06-16 · via WhatIs

Hacking remains the top type of healthcare data breach reported to the HHS Office for Civil Rights six months into 2026, underscoring the volatility of the cyberthreat landscape. More than 19 million individuals have been impacted by healthcare data breaches in 2026 as we approach the year's halfway point.

OCR displays healthcare data breaches impacting more than 500 individuals on its breach portal, giving covered entities and the public a peek into this pervasive issue. On the portal, healthcare data breaches fall into four categories: hacking/IT incidents, unauthorized access/disclosure, loss and theft.

So far this year, just one theft has been reported, along with one loss and 14 unauthorized use/disclosures. As of June 9, 2026, the remaining 173 reports were attributed to hacking/IT incidents.

While some of the following data breaches occurred in 2025, this list reflects breaches reported to OCR in 2026. OCR consistently updates its data breach portal, so exact figures may vary.

The 10 largest breaches reported this year so far show that threat actors are continuing to target organizations of all sizes, focusing on provider organizations and business associates alike.

TriZetto Provider Solutions: 3,433,965 individuals affected

Revenue cycle management company TriZetto Provider Solutions filed this year's largest breach report to date in February 2026. The company, owned by IT company Cognizant, handles more than 2.5 billion healthcare transactions annually..

According to a breach notice provided to the Maine Attorney General's Office, TriZetto first became aware of suspicious activity within its systems on Oct. 2, 2025. Upon discovery, the company launched an investigation and notified law enforcement.

Further investigation revealed that an unauthorized party had been accessing records related to insurance eligibility verification transactions since November 2024. TriZetto found that the affected data potentially included names, addresses, Social Security numbers, health insurer names, dates of birth and other demographic and health insurance information.

TriZetto said in its breach notice that it immediately took protective measures to safeguard its systems.

QualDerm Partners: 3,117,874 individuals affected

QualDerm, a healthcare management company that operates a network of over 150 dermatology and cosmetic surgery practices across 17 states, suffered a breach in December 2025.

On Dec. 24, 2025, QualDerm detected unauthorized activity on certain systems and immediately launched an investigation, which determined that an unauthorized individual had removed information from QualDerm's systems.

The impacted information included patient and doctor names, medical record numbers, email addresses, treatment and diagnosis information and health insurance information.

QualDerm said it was unaware of any attempted or actual misuse of the impacted information.

"As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our existing policies and procedures regarding information security, as well," the notice stated.

QualDerm reported the breach to OCR in February 2026.

Nacogdoches Memorial Hospital: 2,507,073 individuals affected

Nacogdoches Memorial Hospital, a 226-bed hospital in Nacogdoches, Texas, reported a breach to OCR in March 2026. NMH became aware of a data security incident on Jan. 31, 2026, when a cyberattack enabled an unauthorized party to compromise its computer network.

NMH said it immediately notified law enforcement and activated its incident response plan. The impacted information included names, addresses, phone numbers, Social Security numbers, medical account numbers, health plan beneficiary numbers and photographs.

"NMH takes the security of all information in its systems very seriously and wants to assure its patients that it has taken steps to prevent a similar event from occurring in the future," a notice to patients stated.

"This includes implementation of remediation measures to prevent recurrence, to strengthen NMH's network security, enhancing NMH's cyber preparedness through additional awareness training, and updating NMH's procedures."

Navia Benefit Solutions: 2,151,330 individuals affected

Navia Benefit Solutions, a national benefits provider, filed a breach report with OCR in March 2026 after discovering suspicious activity within its environment on Jan. 23, 2026.

Further investigation revealed that an unauthorized party had accessed and potentially acquired information between Dec. 22, 2025, and Jan. 15, 2026. The breach involved names, Social Security numbers, dates of birth, phone numbers, email addresses and health plan information.

Navia said it has since reviewed the security of its systems, notified impacted individuals and assessed its policies and procedures to reduce the likelihood of a similar event in the future.

NYC Health + Hospitals: 1,800,000 individuals affected

NYC Health + Hospitals, the largest municipal healthcare system in the U.S., discovered a cyberattack on its computer network on Feb. 2, 2026. The health system launched an investigation and determined that an unauthorized actor accessed its systems between Nov. 25, 2025, and Feb. 11, 2026, copying files in the process.

"Although the investigation is ongoing, it appears that the unauthorized actor may have gained access to NYC Health + Hospitals systems due to a security breach at a third-party vendor," the health system said in its March 2026 notice.

The breach involved health insurance information, medical and biometric information, billing and claims data, Social Security numbers and financial account information.

In response to the breach, NYC Health + Hospitals said it deployed additional protective technologies across its network, reset credentials for compromised accounts and updated its remote access management policies.

The health system is now facing scrutiny from lawmakers over the breach. Senate Health, Education, Labor, and Pensions Committee Chair Bill Cassidy (R-La.) sent a letter to NYC Health + Hospitals CEO Mitchell Katz on June 4, 2026, seeking answers about the scope and impact of the cyberattack.

OpenLoop Health: 716,000 individuals affected

OpenLoop Health, a white-label telehealth infrastructure vendor, disclosed a breach that occurred on Jan. 7, 2026. The company offers licensing and credentialing, practice management and provider staffing services to digital health companies.

According to a breach notice provided to the California Attorney General's Office, OpenLoop discovered that an unauthorized party had removed certain information from its systems during a cyberattack.

OpenLoop confirmed that the unauthorized access had been terminated. It also  engaged external cybersecurity specialists and arranged complimentary credit monitoring for impacted individuals. It said it would continue to enhance its security posture.

ApolloMD Business Services: 626,540 individuals affected

ApolloMD Business Services, an Atlanta-based healthcare management services organization that provides clinical staffing, practice management and administrative support, experienced a breach in 2025 that it reported to OCR in February 2026.

ApolloMD first became aware of suspicious activity within its IT systems on May 22, 2025, later determining that an unauthorized actor had accessed and potentially acquired information pertaining to patients treated by ApolloMD's affiliated physicians.

The impacted data included names, diagnoses, dates of service, treatment information, health insurance information and Social Security numbers.

ApolloMD notified 11 physician practices of the breach between July and September 2025.

Erie Family Health Centers: 570,000 individuals affected

Illinois-based Erie Family Health Centers experienced a data breach that potentially exposed patient names, email addresses, Social Security numbers, biometric data, prescription information, taxpayer ID numbers, passport numbers and health insurance information.

Erie discovered the breach on Jan. 27, 2026. It launched an investigation that determined an unauthorized party had gained access to Erie's systems between Dec. 10, 2025, and Jan. 27, 2026.

"Erie takes its obligations with respect to the privacy and security of information seriously. We have taken steps to address the incident and are committed to protecting the information entrusted to us," the notice to patients stated.

Erie provided patients with information on safeguarding their information and signing up for complimentary credit monitoring services.

Minnesota Department of Human Services: 303,965 individuals affected

In January 2026, the Minnesota Department of Human Services disclosed a third-party breach to OCR that involved its MnCHOICES system. MnCHOICES is Minnesota's free assessment and support planning system used by counties, tribal nations and managed care organizations to support planning work for individuals who need long-term services.

The breach stemmed from FEI Systems, the vendor that manages MnCHOICES. FEI Systems specializes in providing health IT solutions to federal, state and local agencies. According to the Minnesota Department of Human Services' breach notice, a "provider-associated user" accessed the demographic records of over 300,000 individuals and additional information for 1,206 of those individuals.

The user no longer has access, and there is no evidence that the information has been misused.

"The DHS Office of Inspector General is aware of this incident and has developed data-driven processes to monitor and evaluate billing information, in an effort identify [sic] whether there was fraudulent or inappropriate use of the accessed data," the notice stated.

"If potential fraud is identified, DHS will fully investigate and when appropriate refer those matters to law enforcement."

This breach was the only one in the top 10 that was caused by unauthorized access/disclosure rather than a hacking/IT incident.

North Texas Behavioral Health Authority: 285,086 individuals affected

The North Texas Behavioral Health Authority, a certified community behavioral health clinic, suffered a data breach after learning that a hacker accessed and copied information from its network.

The impacted data included names, Social Security numbers, addresses, driver's license numbers, medical information and health insurance information.

Jill Hughes has covered health tech news since 2021. Her coverage areas include cybersecurity, HIPAA compliance, interoperability, AI and EHRs.